CVE-2025-14541

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...

CVE-2025-14541

CVE-2025-14541 refers to the WordPress plugin “Lucky Wheel Giveaway” (versions up to and including 1.0.22) with a Remote Code Execution vulnerability. The root cause is PHP eval() being applied to user-controlled input via the conditional_tags parameter, allowing an authenticated attacker with Ad...

CVE-2025-14541 Lucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...

CVE-2025-14541

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...

CVE-2025-14541 Lucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter

The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditionaltags parameter. This is due to the plugin using PHP's eval function on user-controlled input without proper validation or sanitization. This makes i...

WordPress plugin Lucky Wheel Giveaway 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress Lucky Wheel Giveaway plugin <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' Parameter vulnerability

Authenticated Administrator+ Remote Code Execution via 'conditionaltags' Parameter vulnerability discovered by Nguyen Truong Roll - FPT IS in WordPress Plugin Lucky Wheel Giveaway versions = 1.0.22...

CVE-2025-66064

CVE-2025-66064 : WordPress plugin Giveaways and Contests by RafflePress (versions = 1.12.20 or as indicated by the vendor) or apply vendor-provided mitigation per the connected docs. Monitor for additional updates from Red Hat/ENISA/CVE listings as referenced.

EUVD-2024-43395

Malicious code in bioql PyPI...

CVE-2021-24298

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS...

CVE-2024-49332

Deserialization of Untrusted Data vulnerability in giveawayboost Giveaway Boost giveaway-boost allows Object Injection.This issue affects Giveaway Boost: from n/a through = 2.1.4...

CVE-2024-49332

Deserialization of Untrusted Data vulnerability in giveawayboost Giveaway Boost giveaway-boost allows Object Injection.This issue affects Giveaway Boost: from n/a through = 2.1.4...

CVE-2024-49332

Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4...

CVE-2024-49332 WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in giveawayboost Giveaway Boost giveaway-boost allows Object Injection.This issue affects Giveaway Boost: from n/a through = 2.1.4...

CVE-2024-49332

CVE-2024-49332 is a PHP Object Injection vulnerability in WordPress Giveaway Boost plugin (

CVE-2024-49332 WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4...

WordPress plugin Giveaway Boost 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-33474 · Unknown · Giveaway Boost

Name of the Vulnerable Software and Affected Versions: Giveaway Boost versions n/a through 2.1.4 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This is a security problem where an attacker can inject malicious objects into the system...

WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Giveaway Boost versions = 2.1.4...

WordPress Giveaway Boost Plugin <= 2.1.4 is vulnerable to PHP Object Injection

Software Giveaway Boost Type Plugin Vulnerable versions = 2.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49332 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID dc16e9530c12 Credits Mika Required privilege Unauthenticated...